
Commit
Updated by Github Bot
Github-Bot committed Apr 7, 2024
1 parent 8a84fb9 commit be8d893
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -154,3 +154,13 @@ a0fda00325d2d253664ffc2f471328d9
c17360d00386202e7ea37ce361d2cf54
d34d96cba8f286450fd7c8d5d11f8308
06da8ad377ff1d904dc32af7038f0c81
93dd0369eae4bcea64811d3481dda1b5
5bdaad99079d0bd6b78cb220f492778b
d23663b48f5d29aa9cd2ba59ac88e890
0eb2b923b164a1d18aa874473ff5b811
07032626ff056060e31105d464abdaef
4e182befdb9a68117d0620c95c33b1d5
d9b9f84eb54c6fd61eeef29c848aa448
20bcf172618e2af057ec2ad31724bf04
b67f27af951f9a41befbb990dabe7d1b
fb589e94e464f0fa8a0eeee28df875e6
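Review bot: this cache file only grows (10 additions, 0 deletions here, while docs/index.html swaps 81 lines for 81), so the hash list accumulates without bound; either prune ids whose rows have rolled off the page or document that the cache is intentionally append-only for de-duplication. The ten hashes added here are, in order, the id cells of the ten rows added to docs/index.html (93dd0369… through fb589e94…), which is the consistency check worth keeping in the generator.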
Binary file modified data/cves.db
Binary file not shown.
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-04-07 07:20:13 -->
<!-- RELEASE TIME : 2024-04-07 23:23:40 -->
<html lang="zh-cn">

<head>
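Review bot: the file starts with the RELEASE TIME comment and `<html lang="zh-cn">` with no `<!DOCTYPE html>` before them, so browsers render the page in quirks mode; emit `<!DOCTYPE html>` as the first line of the template. The release timestamp also carries no timezone, so it cannot be compared reliably with the per-row timestamps; emitting it in UTC with an explicit suffix would remove the ambiguity.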
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>93dd0369eae4bcea64811d3481dda1b5</td>
<td>CVE-2024-3428</td>
<td>2024-04-07 18:15:13 <img src="imgs/new.gif" /></td>
<td>A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259600.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3428">详情</a></td>
</tr>

<tr>
<td>5bdaad99079d0bd6b78cb220f492778b</td>
<td>CVE-2024-31349</td>
<td>2024-04-07 18:15:13 <img src="imgs/new.gif" /></td>
<td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailMunch – Grow your Email List allows Stored XSS.This issue affects MailMunch – Grow your Email List: from n/a through 3.1.6.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31349">详情</a></td>
</tr>

<tr>
<td>d23663b48f5d29aa9cd2ba59ac88e890</td>
<td>CVE-2024-31348</td>
<td>2024-04-07 18:15:13 <img src="imgs/new.gif" /></td>
<td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Testimonials allows Stored XSS.This issue affects Testimonials: from n/a through 3.0.5.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31348">详情</a></td>
</tr>

<tr>
<td>0eb2b923b164a1d18aa874473ff5b811</td>
<td>CVE-2024-31346</td>
<td>2024-04-07 18:15:12 <img src="imgs/new.gif" /></td>
<td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksmarket Gradient Text Widget for Elementor allows Stored XSS.This issue affects Gradient Text Widget for Elementor: from n/a through 1.0.1.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31346">详情</a></td>
</tr>

<tr>
<td>07032626ff056060e31105d464abdaef</td>
<td>CVE-2024-31345</td>
<td>2024-04-07 18:15:12 <img src="imgs/new.gif" /></td>
<td>Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster.This issue affects Auto Poster: from n/a through 1.2.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31345">详情</a></td>
</tr>

<tr>
<td>4e182befdb9a68117d0620c95c33b1d5</td>
<td>CVE-2024-31344</td>
<td>2024-04-07 18:15:12 <img src="imgs/new.gif" /></td>
<td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phpbits Creative Studio Easy Login Styler – White Label Admin Login Page for WordPress allows Stored XSS.This issue affects Easy Login Styler – White Label Admin Login Page for WordPress: from n/a through 1.0.6.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31344">详情</a></td>
</tr>

<tr>
<td>d9b9f84eb54c6fd61eeef29c848aa448</td>
<td>CVE-2024-31308</td>
<td>2024-04-07 18:15:12 <img src="imgs/new.gif" /></td>
<td>Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.This issue affects WP Import Export Lite: from n/a through 3.9.26.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31308">详情</a></td>
</tr>

<tr>
<td>20bcf172618e2af057ec2ad31724bf04</td>
<td>CVE-2024-31306</td>
<td>2024-04-07 18:15:12 <img src="imgs/new.gif" /></td>
<td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS.This issue affects Essential Blocks for Gutenberg: from n/a through 4.5.3.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31306">详情</a></td>
</tr>

<tr>
<td>b67f27af951f9a41befbb990dabe7d1b</td>
<td>CVE-2024-31296</td>
<td>2024-04-07 18:15:11 <img src="imgs/new.gif" /></td>
<td>Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.81.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31296">详情</a></td>
</tr>

<tr>
<td>fb589e94e464f0fa8a0eeee28df875e6</td>
<td>CVE-2024-31292</td>
<td>2024-04-07 18:15:11 <img src="imgs/new.gif" /></td>
<td>Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.This issue affects Import XML and RSS Feeds: from n/a through 2.1.5.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31292">详情</a></td>
</tr>

<tr>
<td>05f884e2687893a376a43e52473403da</td>
<td>CVE-2024-3413</td>
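Review bot: the description cell in each new row is upstream CVE text written straight into the HTML; none of these ten descriptions contains `<` or `&`, but the generator should HTML-escape that text before emitting it, otherwise a description containing markup would be rendered by this page. Two smaller points on the same rows: the `<a target="_blank" href="https://www.tenable.com/cve/...">` links carry no `rel="noopener noreferrer"`, and `<img src="imgs/new.gif" />` has no `alt` attribute.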
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22004">详情</a></td>
</tr>

<tr>
<td>2a6dd1d0db696ec5e5b4e9921df99e08</td>
<td>CVE-2024-30254</td>
<td>2024-04-04 19:15:08</td>
<td>MesonLSP is an unofficial, unendorsed language server for meson written in C++. A vulnerability in versions prior to 4.1.4 allows overwriting arbitrary files if the attacker can make the victim either run the language server within a specific crafted project or `mesonlsp --full`. Version 4.1.4 contains a patch for this issue. As a workaround, avoid running `mesonlsp --full` and set the language server option `others.neverDownloadAutomatically` to `true`.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-30254">详情</a></td>
</tr>

<tr>
<td>4c1d461ce64c9a3960bb78179de2714e</td>
<td>CVE-2024-30252</td>
<td>2024-04-04 19:15:08</td>
<td>Livemarks is a browser extension that provides RSS feed bookmark folders. Versions of Livemarks prior to 3.7 are vulnerable to cross-site request forgery. A malicious website may be able to coerce the extension to send an authenticated GET request to an arbitrary URL. An authenticated request is a request where the cookies of the browser are sent along with the request. The `subscribe.js` script uses the first parameter from the current URL location as the URL of the RSS feed to subscribe to and checks that the RSS feed is valid XML. `subscribe.js` is accessible by an attacker website due to its use in `subscribe.html`, an HTML page that is declared as a `web_accessible_resource` in `manifest.json`. This issue may lead to `Privilege Escalation`. A CSRF breaks the integrity of servers running on a private network. A user of the browser extension may have a private server with dangerous functionality, which is assumed to be safe due to network segmentation. Upon receiving an authenticated request instantiated from an attacker, this integrity is broken. Version 3.7 fixes this issue by removing subscribe.html from `web_accessible_resources`.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-30252">详情</a></td>
</tr>

<tr>
<td>fe8aed4b9c5396cbe835bc3e6bd71374</td>
<td>CVE-2024-30249</td>
<td>2024-04-04 19:15:08</td>
<td>Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR1-20240330.101522-15` impacts publicly accessible software depending on the affected versions of Network and allows an attacker to use Network as an amplification vector for a UDP denial of service attack against a third party or as an attempt to trigger service suspension of the host. All consumers of the library should upgrade to at least version `1.0.0.CR1-20240330.101522-15` to receive a fix. There are no known workarounds beyond updating the library.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-30249">详情</a></td>
</tr>

<tr>
<td>e55d9623ae214233b037b634f2ee098b</td>
<td>CVE-2024-29193</td>
<td>2024-04-04 19:15:08</td>
<td>gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page (`index.html`) shows the available streams by fetching the API (`[0]`) in the client side. Then, it uses `Object.entries` to iterate over the result (`[1]`) whose first item (`name`) gets appended using `innerHTML` (`[2]`). In the event of a victim visiting the server in question, their browser will execute the request against the go2rtc instance. After the request, the browser will be redirected to go2rtc, in which the XSS would be executed in the context of go2rtc’s origin. As of time of publication, no patch is available.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-29193">详情</a></td>
</tr>

<tr>
<td>64cc9bbf39a723abaaed7d86349bab1f</td>
<td>CVE-2024-25007</td>
<td>2024-04-04 19:15:07</td>
<td>Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The attacker on the adjacent network with administration access can exploit the vulnerability.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25007">详情</a></td>
</tr>

<tr>
<td>ac37a39d3585b994812a60a5179bcad2</td>
<td>CVE-2024-29192</td>
<td>2024-04-04 18:15:14</td>
<td>gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The `/api/config` endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an attacker may be able to achieve that depending on how go2rtc is set up on the upstream application, and given that this endpoint is not protected against CSRF, it allows requests from any origin (e.g. a "drive-by" attack) . The `exec` handler allows for any stream to execute arbitrary commands. An attacker may add a custom stream through `api/config`, which may lead to arbitrary command execution. In the event of a victim visiting the server in question, their browser will execute the requests against the go2rtc instance. Commit 8793c3636493c5efdda08f3b5ed5c6e1ea594fd9 adds a warning about secure API access.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-29192">详情</a></td>
</tr>

<tr>
<td>d564b6bbe2e7319823aa9019e48521a5</td>
<td>CVE-2024-28787</td>
<td>2024-04-04 18:15:14</td>
<td>IBM Security Verify Access 10.0.0 through 10.0.7 and IBM Application Gateway 20.01 through 24.03 could allow a remote attacker to obtain highly sensitive private information or cause a denial of service using a specially crafted HTTP request. IBM X-Force ID: 286584.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-28787">详情</a></td>
</tr>

<tr>
<td>1c6f68cbab6a0db99ba02ab3143ae8da</td>
<td>CVE-2024-2660</td>
<td>2024-04-04 18:15:14</td>
<td>Vault and Vault Enterprise TLS certificates auth method did not correctly validate OCSP responses when one or more OCSP sources were configured. Fixed in Vault 1.16.0 and Vault Enterprise 1.16.1, 1.15.7, and 1.14.11.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2660">详情</a></td>
</tr>

<tr>
<td>c2d38650dcf41fa2e5137274a5046849</td>
<td>CVE-2024-27268</td>
<td>2024-04-04 18:15:13</td>
<td>IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.3 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 284574.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-27268">详情</a></td>
</tr>

<tr>
<td>afeaec7f7ecf15b5b945861d3006ddd5</td>
<td>CVE-2024-25709</td>
<td>2024-04-04 18:15:13</td>
<td>There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS versions 10.8.1 – 1121 that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item which will potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25709">详情</a></td>
</tr>

</tbody>
</table>
</div>
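Review bot: the ten rows removed here are the oldest on the page (all dated 2024-04-04) and exactly ten rows were added above, so the page behaves as a fixed-size window, but that retention rule is stated neither in the template nor in the commit message ("Updated by Github Bot"); document it in the generator so readers know entries roll off rather than being withdrawn. Note also that the ids of these removed rows are not removed from cache/Tenable (Nessus).dat in this commit (0 deletions there), which is what keeps the cache growing.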

0 comments on commit be8d893
